Skip to main content

Affected by a data breach? What to do next

Take some crucial first steps to minimize potential damage and help protect yourself for the long term.

Your favorite big box store or luxury hotel chain announces it has suffered a data breach. That means hackers have stolen its customers’ personal or financial information for fraudulent use. Of course, you feel like panicking, because this is serious business. But you have ways to defend yourself.

What to do immediately

  • Look out for a notification. If your information has been compromised, the company should alert you by letter or email. Or you might learn about a breach from your financial institution when your card is reissued. Please remember, just because your bank or credit card company reissued your card, it does not mean that fraud has occurred or will occur on your account.
  • Activate and start using your new card. Be sure to destroy the old card and checks, if applicable.
  • Change your passwords. If you use the same password on multiple sites, access to these accounts can more quickly be gained based on one successful entry. Change these passwords immediately following news of a data breach. Take time now to ensure that you have strong and unique passwords across all your online sign-ins.

In the coming days and weeks

  • Consider setting up a fraud alert or freezing your credit bureau report. If your Social Security number was compromised, contact one of the three credit bureaus (Equifax, Experian and TransUnion) to freeze your credit or place a fraud alert. Once you’ve filed with one agency, they will notify the other two on your behalf.
  • Monitor your accounts for suspicious activity. Check your accounts regularly for unfamiliar charges—especially if your credit or debit card numbers were exposed. Small charges for odd amounts, like $4.46 or $20.39, could be the first signs of a much bigger problem. You could also sign up to get real-time transaction alerts, so you can spot and flag unauthorized charges.
  • Be alert to social engineering attempts. Keep an eye out for any unusual emails or text messages, especially if they appear to come from the retailer that experienced the breach. These could be phishing attempts from hackers. Verify that the communication is legitimate by calling the organization back through an official phone number.

As time goes on

  • Take advantage of free credit monitoring. Following a data breach, companies often provide free credit monitoring services or identity theft protection to customers. Consider accepting it—and request a free credit report once a year from each credit bureau at
  • File taxes early. Get a jump on your taxes to prevent a scammer from using your Social Security number to file a fraudulent return. If you’ve already filed, the IRS will flag the second return as suspicious. If you wait, yours could be the one that gets flagged.

    By following this checklist, you may minimize the effects of the breach and help keep your personal and financial information safe.
Close Disclaimer

The material provided on this website is for informational use only and is not intended for financial, tax or investment advice. Bank of America and/or its affiliates, and Khan Academy, assume no liability for any loss or damage resulting from one’s reliance on the material provided. Please also note that such material is not updated regularly and that some of the information may not therefore be current. Consult with your own financial professional and tax advisor when making decisions regarding your financial situation.

Up Next

Contact Us